On Tue, Sep 13, 2011 at 1:06 PM, Marsh Ray <[email protected]> wrote:
> Q: What kind of pinning would we recommend to our friend or family member
> who runs his business on the web?
>
> Right now he has his domain registration and cert from GoDaddy.

They could also buy a cert from StartSSL, and keep it on a USB token in a
safe, in case of emergency. I.e., everyone who does pinning should have a
backup pin.

But, currently, we are saying this about that:

"""Deploying certificate pinning safely will require operational and
organizational maturity due to the risk that HSTS Hosts may "brick"
themselves by pinning to a certificate that becomes invalid."""

"""The disaster recovery plans described above all incur new costs for site
operators, and increase the size of the certificate market. Arguably,
well-run sites had already absorbed these costs because (e.g.) backup
certificates from different CAs were necessary disaster recovery mechanisms
even before certificate pinning. Small sites — which although small might
still need to provide good security — may not be able to afford the
disaster recovery mechanisms we recommend. (The cost of the backup
certificate is not the issue; it is more the operational costs in safely
storing the backup and testing that it works.) Thus, low-risk pinning may
be available only to large sites; small sites may have to choose no pinning
or potentially bricking their site (up to the maxAge window). This is not
worse than the status quo."""

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
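The "backup pin" and "brick until maxAge" points in the message above, worked through as an added example (this is illustration code, not part of the original mail or of the pinning draft). It mints three throwaway self-signed certificates standing in for the GoDaddy primary, the StartSSL backup kept on the USB token, and a certificate bought in a hurry after the primary is lost; computes pins in the SPKI-hash form the draft describes (base64 of SHA-256 over the DER SubjectPublicKeyInfo, as later fixed in RFC 7469); and then checks which replacement chains a client holding the pins would still accept. The 30-day maxAge, the host names and the `PinSet`/`ChainAccepted` helper names are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// PinSet is what a client remembers for a host after seeing a pinning
// header: the accepted SPKI hashes and the instant they expire (maxAge).
type PinSet struct {
	Pins    map[string]bool
	Expires time.Time
}

// spkiPin returns base64(SHA-256(DER SubjectPublicKeyInfo)) of a
// certificate, the pin form used by the draft (and RFC 7469).
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// ChainAccepted reports whether a served chain satisfies the stored pins:
// at least one certificate in the chain must match a pinned SPKI hash.
// Once the pin set has aged out it no longer constrains the host, which
// is the "up to the maxAge window" bricking period from the draft text.
func ChainAccepted(ps PinSet, chain []*x509.Certificate, now time.Time) bool {
	if !now.Before(ps.Expires) {
		return true
	}
	for _, c := range chain {
		if ps.Pins[spkiPin(c)] {
			return true
		}
	}
	return false
}

// selfSignedCert mints a throwaway self-signed certificate (example
// assumption: in practice these are the CA-issued primary and backup).
func selfSignedCert(cn string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Outcome records what happens after the primary certificate is lost.
type Outcome struct {
	OnBackup              bool // serve the pre-pinned backup from the safe
	OnUnpinned            bool // serve a cert bought in a hurry, pins still fresh
	OnUnpinnedAfterMaxAge bool // same hurried cert once the pins have expired
}

// Scenario pins the primary (and optionally the backup), then "loses" the
// primary and tries the recovery options a small site actually has.
func Scenario(withBackupPin bool) Outcome {
	primary := selfSignedCert("example.com (primary, GoDaddy)")
	backup := selfSignedCert("example.com (backup, StartSSL, on USB token)")
	emergency := selfSignedCert("example.com (bought after the outage)")

	maxAge := 30 * 24 * time.Hour // assumed maxAge for the example
	now := time.Now()
	ps := PinSet{Pins: map[string]bool{spkiPin(primary): true}, Expires: now.Add(maxAge)}
	if withBackupPin {
		ps.Pins[spkiPin(backup)] = true
	}

	return Outcome{
		OnBackup:              ChainAccepted(ps, []*x509.Certificate{backup}, now),
		OnUnpinned:            ChainAccepted(ps, []*x509.Certificate{emergency}, now),
		OnUnpinnedAfterMaxAge: ChainAccepted(ps, []*x509.Certificate{emergency}, now.Add(maxAge)),
	}
}

func main() {
	fmt.Printf("with backup pin:    %+v\n", Scenario(true))
	fmt.Printf("without backup pin: %+v\n", Scenario(false))
}
```

With the backup pin present, losing the primary is a non-event: the backup chain is accepted immediately. Without it, every replacement is rejected until the pins age out, which is exactly the bricked period the draft warns about; the only thing the backup pin costs is the operational work of keeping that second key safe and periodically testing that it still validates.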
